From e8936126af4e2f013dae8ce071135bef0609522f Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Tue, 18 Dec 2001 23:10:46 +0000
Subject: [PATCH] Much stricter checking of the keyserver URI IDEA warning for
 pk messages encrypted with IDEA (symmetric is already done) Print IDEA
 warning for each occurance except for secret key protection and unknown
 cipher from an encrypted message.

---
 g10/ChangeLog     | 15 +++++++++++++++
 g10/g10.c         | 14 +++++++-------
 g10/gpgv.c        |  2 +-
 g10/keygen.c      |  2 +-
 g10/keyserver.c   | 21 ++++++++++++++++++---
 g10/main.h        |  2 +-
 g10/mainproc.c    |  2 +-
 g10/pubkey-enc.c  |  3 +++
 g10/seckey-cert.c |  2 +-
 9 files changed, 48 insertions(+), 15 deletions(-)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index e75c1caa4..b6665abeb 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,18 @@
+2001-12-18  David Shaw  <dshaw@jabberwocky.com>
+
+	* g10.c (idea_cipher_warn): Add a flag to show the warning always
+	or once per session and change all callers (show always except for
+	the secret key protection and unknown cipher from an encrypted
+	message errors).  Also make the strings translatable.
+
+	* pubkey-enc.c (get_it): Add the IDEA cipher warning if the user
+	tries to decrypt an IDEA encrypted message without the IDEA
+	plugin.
+
+	* keyserver.c (parse_keyserver_uri): More strict checking of the
+	keyserver URI.  Specifically, fail if the ":port" section is
+	anything except a number between 1 and 65535.
+
 2001-12-17  David Shaw  <dshaw@jabberwocky.com>
 
 	* keyserver.c (print_keyinfo): No need to check for
diff --git a/g10/g10.c b/g10/g10.c
index a6b069df7..d2865fe70 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -1243,7 +1243,7 @@ main( int argc, char **argv )
 	      {
 		log_info(_("encrypting a message in --pgp2 mode requires "
 			   "the IDEA cipher\n"));
-		idea_cipher_warn();
+		idea_cipher_warn(1);
 		unusable=1;
 	      }
 	    else
@@ -1278,7 +1278,7 @@ main( int argc, char **argv )
     if( def_cipher_string ) {
 	opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
 	if(opt.def_cipher_algo==0 && strcasecmp(def_cipher_string,"idea")==0)
-	  idea_cipher_warn();
+	  idea_cipher_warn(1);
 	m_free(def_cipher_string); def_cipher_string = NULL;
 	if( check_cipher_algo(opt.def_cipher_algo) )
 	    log_error(_("selected cipher algorithm is invalid\n"));
@@ -2142,15 +2142,15 @@ check_policy_url( const char *s )
 
 /* Special warning for the IDEA cipher */
 void
-idea_cipher_warn(void)
+idea_cipher_warn(int show)
 {
   static int warned=0;
 
-  if(!warned)
+  if(!warned || show)
     {
-      log_info("the IDEA cipher plugin is not present\n");
-      log_info("please see http://www.gnupg.org/why-not-idea.html "
-	       "for more information\n");
+      log_info(_("the IDEA cipher plugin is not present\n"));
+      log_info(_("please see http://www.gnupg.org/why-not-idea.html "
+		 "for more information\n"));
       warned=1;
     }
 }
diff --git a/g10/gpgv.c b/g10/gpgv.c
index 0cde70ffe..3044d9e4b 100644
--- a/g10/gpgv.c
+++ b/g10/gpgv.c
@@ -302,7 +302,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
 
 /* Stub: no decrypting, so no IDEA needed */
 void
-idea_cipher_warn(void) {}
+idea_cipher_warn( int show ) {}
 
 /* Stubs to void linking to ../cipher/cipher.c */
 int string_to_cipher_algo( const char *string ) { return 0; }
diff --git a/g10/keygen.c b/g10/keygen.c
index 036ae6647..f79a4a664 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -178,7 +178,7 @@ set_one_pref (ulong val, int type, int (*cf)(int), byte *buf, int *nbuf)
     if (cf (val)) {
         log_info (_("preference %c%lu is not valid\n"), type, val);
 	if(type=='S' && val==CIPHER_ALGO_IDEA)
-	  idea_cipher_warn();
+	  idea_cipher_warn(1);
         return -1;
     }
     for (i=0; i < *nbuf; i++ ) {
diff --git a/g10/keyserver.c b/g10/keyserver.c
index d057e1d24..1f9cf2100 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <string.h>
+#include <ctype.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
@@ -121,13 +122,27 @@ parse_keyserver_uri(char *uri)
     opt.keyserver_port="0";
   else
     {
+      unsigned char *ch;
+
       /* Get the port */
       opt.keyserver_port=strsep(&uri,"/");
-      if(atoi(opt.keyserver_port)==0)
-	opt.keyserver_port="0";
+
+      /* Ports are digits only */
+      ch=opt.keyserver_port;
+      while(*ch!='\0')
+	{
+	  if(!isdigit(*ch))
+	    return G10ERR_BAD_URI;
+
+	  ch++;
+	}
+
+      if(strlen(opt.keyserver_port)==0 ||
+	 atoi(opt.keyserver_port)<1 || atoi(opt.keyserver_port)>65535)
+	return G10ERR_BAD_URI;
     }
 
-  /* (any path part of the URI is discarded) */
+  /* (any path part of the URI is discarded for now) */
 
   if(opt.keyserver_scheme[0]=='\0' || opt.keyserver_host[0]=='\0')
     return G10ERR_BAD_URI;
diff --git a/g10/main.h b/g10/main.h
index 064be9347..32ed0b3e8 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -48,7 +48,7 @@ extern int g10_errors_seen;
 void print_pubkey_algo_note( int algo );
 void print_cipher_algo_note( int algo );
 void print_digest_algo_note( int algo );
-void idea_cipher_warn(void);
+void idea_cipher_warn( int show );
 const char *get_temp_dir(void);
 
 /*-- armor.c --*/
diff --git a/g10/mainproc.c b/g10/mainproc.c
index d9fff2791..05437d422 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -432,7 +432,7 @@ proc_encrypted( CTX c, PACKET *pkt )
             algo = opt.def_cipher_algo;
             if (!algo)
                 algo = opt.s2k_cipher_algo;
-	    idea_cipher_warn();
+	    idea_cipher_warn(1);
             log_info (_("IDEA cipher unavailable, "
                         "optimistically attempting to use %s instead\n"),
                        cipher_algo_to_string(algo));
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 9e3ff434c..d31e3be33 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -32,6 +32,7 @@
 #include "cipher.h"
 #include "status.h"
 #include "options.h"
+#include "main.h"
 #include "i18n.h"
 
 static int get_it( PKT_pubkey_enc *k,
@@ -175,6 +176,8 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
 	if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) {
 	    log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
                      dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
+	    if(dek->algo==CIPHER_ALGO_IDEA)
+	      idea_cipher_warn(0);
 	}
 	dek->algo = 0;
 	goto leave;
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index a7472a489..5b5f23cb6 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -58,7 +58,7 @@ do_check( PKT_secret_key *sk )
 	if( check_cipher_algo( sk->protect.algo ) ) {
 	    log_info(_("protection algorithm %d%s is not supported\n"),
 			sk->protect.algo,sk->protect.algo==1?" (IDEA)":"" );
-	    idea_cipher_warn();
+	    idea_cipher_warn(0);
 	    return G10ERR_CIPHER_ALGO;
 	}
 	keyid_from_sk( sk, keyid );